Defensive Security Professional Titles


This page provides standardized job titles, responsibilities, and expectations for defensive security professionals. Use these frameworks to understand career progression, set role expectations, and benchmark compensation.
How to use these tables:

SOC Analyst

Security Operations Center professionals who monitor, detect, and respond to security threats and incidents. Serve as the front line of defense, triaging alerts, investigating suspicious activity, and coordinating incident response efforts.

Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead
General Description
  • Analyst 1 / Entry: Entry-level SOC analyst learning security monitoring fundamentals and alert triage processes. Follows established playbooks to investigate and escalate security events. Develops foundational knowledge of security tools, attack patterns, and incident response procedures.
  • Analyst 2 / Junior: Junior SOC analyst capable of conducting independent alert investigations and participating in incident response activities. Demonstrates proficiency with security monitoring tools and can identify true positive security events. Beginning to develop specialization in specific threat types or tools.
  • Analyst 3 / Mid: Experienced SOC analyst who leads incident investigations and drives detection improvements. Demonstrates expertise in threat analysis, incident response, and security tool optimization. Serves as subject matter expert for specific threat types or platforms and mentors junior analysts.
  • Analyst 4 / Senior / Lead: Senior SOC analyst and team leader who sets direction for security monitoring and incident response capabilities. Leads the most complex investigations and serves as the escalation point for critical incidents. Drives strategic improvements to detection, response, and SOC operations.
Primary Responsibilities
  • Monitor security alerts from SIEM, EDR, and other detection tools
  • Triage and categorize alerts following established playbooks
  • Escalate potential incidents to senior analysts
  • Document alert investigations and outcomes
  • Perform initial data gathering for incident investigations
  • Maintain awareness of current threat landscape
  • Update and maintain ticketing systems and case notes
  • Independently investigate and disposition security alerts
  • Participate in incident response and containment activities
  • Perform log analysis and correlation across data sources
  • Create and refine detection rules and alerts
  • Document incidents and investigation findings thoroughly
  • Identify patterns and trends in security events
  • Contribute to playbook development and refinement
  • Assist with threat intelligence integration
  • Lead complex incident investigations from detection through resolution
  • Develop and optimize detection rules and use cases
  • Perform proactive threat hunting across the environment
  • Conduct root cause analysis and recommend remediation
  • Mentor junior analysts and review their work
  • Create and maintain SOC playbooks and procedures
  • Integrate threat intelligence into detection capabilities
  • Produce incident reports and executive summaries
  • Collaborate with other security teams on improvements
  • Lead and coordinate response to critical security incidents
  • Define SOC strategy, processes, and operational standards
  • Develop advanced detection capabilities and threat hunting programs
  • Mentor and develop SOC analyst team
  • Interface with executive leadership during major incidents
  • Drive continuous improvement in SOC metrics and effectiveness
  • Evaluate and recommend security monitoring technologies
  • Build relationships with threat intelligence providers
  • Represent SOC in cross-functional security initiatives
  • Produce strategic reports and briefings for leadership
Required Skills
  • Basic understanding of TCP/IP networking and common protocols
  • Familiarity with Windows and Linux operating systems
  • Knowledge of common attack types and indicators of compromise
  • Basic SIEM query and navigation skills
  • Understanding of security fundamentals (CIA triad, defense in depth)
  • Attention to detail and documentation skills
  • Ability to follow procedures and playbooks accurately
  • Proficiency with SIEM platforms (Splunk, Sentinel, QRadar)
  • EDR tool operation and investigation (CrowdStrike, Defender, Carbon Black)
  • Log analysis across multiple data sources
  • Understanding of attack frameworks (MITRE ATT&CK, Kill Chain)
  • Network traffic analysis basics
  • Incident documentation and reporting
  • Intermediate scripting for automation
  • Expert-level SIEM administration and query development
  • Advanced incident response and forensic techniques
  • Threat hunting methodology and execution
  • Detection engineering and rule development
  • Malware analysis and reverse engineering basics
  • Strong analytical and problem-solving skills
  • Technical writing and presentation skills
  • Cross-team collaboration and communication
  • Mastery of security monitoring and incident response
  • Advanced threat hunting and detection engineering
  • Team leadership and people development
  • Strategic planning and program management
  • Executive communication and presentation
  • Vendor and tool evaluation
  • Metrics development and reporting
  • Cross-functional collaboration and influence
Preferred Skills
  • Home lab experience with security tools
  • CTF or TryHackMe/HackTheBox participation
  • Basic scripting ability (Python, PowerShell)
  • Familiarity with ticketing systems
  • Knowledge of common malware behaviors
  • Threat hunting fundamentals
  • Malware analysis basics
  • Cloud security monitoring (AWS, Azure)
  • Email security and phishing analysis
  • Forensic artifact collection
  • Digital forensics (memory, disk, network)
  • Cloud security monitoring and response
  • Automation and orchestration (SOAR)
  • Programming for security tooling
  • Threat intelligence analysis
  • SOC architecture and design
  • SOAR platform implementation
  • Threat intelligence program development
  • Budget planning and management
  • Industry speaking or writing
Mentorship Requirements
  • Analyst 1 / Entry: Receives direct mentorship from Senior SOC analysts. Participates in shift handoffs and team briefings. Expected to complete SOC onboarding and tool training within first 3 months. Shadows senior analysts on incident investigations.
  • Analyst 2 / Junior: Receives guidance from Senior analysts on complex investigations. Expected to begin mentoring Entry-level analysts informally. Participates in knowledge sharing and team training sessions. Should be developing expertise in 1-2 specific areas.
  • Analyst 3 / Mid: Primary mentor for Junior and Entry analysts. Leads training sessions on specialty areas. Expected to develop and maintain SOC training materials. Establishes reputation as go-to expert in specific domains.
  • Analyst 4 / Senior / Lead: Primary mentor for Mid and Junior analysts. Responsible for team career development. Creates mentorship programs and growth paths. Industry mentorship through community engagement. Shapes SOC analyst development curriculum.
Impact Scope
  • Analyst 1 / Entry: Individual contributor on alert triage and initial investigation. Impact limited to assigned alerts and tickets. Work is reviewed before escalation or closure. Contributes to overall SOC coverage and response time metrics.
  • Analyst 2 / Junior: Directly contributes to incident detection and response. Responsible for accurate alert triage and investigation. Detection improvements impact organizational security posture. Beginning to influence SOC processes.
  • Analyst 3 / Mid: Shapes SOC detection capabilities and processes. Leads major incident responses impacting organization. Detection improvements measurably reduce risk. Influences tool selection and investment decisions.
  • Analyst 4 / Senior / Lead: Defines SOC capabilities and strategic direction. Critical incident outcomes depend on leadership. Team development impacts organizational security maturity. Industry influence through thought leadership.
Autonomy & Decision Authority
  • Analyst 1 / Entry: Works under close supervision following playbooks. Follows established escalation procedures. Limited authority to close alerts independently. Escalates all potential incidents to senior team members.
  • Analyst 2 / Junior: Works with moderate supervision. Can make triage decisions on standard alerts. Authority to close false positives independently. Escalates complex or high-severity incidents.
  • Analyst 3 / Mid: Works independently with strategic guidance. Makes significant investigation and response decisions. Authority over detection rule development. Consulted on SOC process and tooling decisions.
  • Analyst 4 / Senior / Lead: High autonomy with strategic alignment. Makes significant operational and investment decisions. Authority over SOC processes and standards. Trusted to represent organization during incidents and externally.
Communication & Stakeholders
  • Analyst 1 / Entry: Primarily internal communication with SOC team and shift lead. Documents findings in ticketing system. May participate in shift handoffs. Limited interaction outside immediate team.
  • Analyst 2 / Junior: Regular interaction with SOC team and incident responders. May communicate with IT teams during incidents. Participates in incident bridges. Documents findings for broader team consumption.
  • Analyst 3 / Mid: Regular communication with security leadership. Presents findings to technical and management audiences. Primary analyst contact for major incidents. Coordinates with IT, legal, and business stakeholders during incidents.
  • Analyst 4 / Senior / Lead: Executive and board-level communication during incidents. Represents SOC to organizational leadership. Industry conference presentations. Builds relationships with peers at other organizations.
Degree / Experience
  • Analyst 1 / Entry: Bachelor's degree in Computer Science, Cybersecurity, IT, or related field, OR 1-2 years of IT support or helpdesk experience, OR completion of SOC analyst training program with demonstrated practical skills.
  • Analyst 2 / Junior: Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 2-3 years of SOC or security monitoring experience. Demonstrated investigation skills and tool proficiency.
  • Analyst 3 / Mid: Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 4-6 years of SOC or incident response experience. Demonstrated leadership in major incident investigations. May have Master's degree with less experience.
  • Analyst 4 / Senior / Lead: Bachelor's or Master's degree in relevant field, OR 6-10 years of SOC or incident response experience. Demonstrated team leadership and strategic impact. Industry recognition through speaking or publications.
Certifications
  • CompTIA Security+
  • CompTIA CySA+
  • Splunk Core Certified User
  • Microsoft SC-200
  • CompTIA CySA+
  • Splunk Core Certified Power User
  • GIAC Security Essentials (GSEC)
  • Microsoft SC-200
  • BTL1 (Blue Team Level 1)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Enterprise Defender (GCED)
  • Splunk Enterprise Certified Admin
  • CrowdStrike Certified Falcon Responder
  • BTL2 (Blue Team Level 2)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Operations Certified (GSOC)
  • CISSP
  • CISM
  • Industry recognition may substitute
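Salary: US Gov't
  • Analyst 1 / Entry: $50,000 - $70,000 (GS-7 to GS-9)
  • Analyst 2 / Junior: $65,000 - $85,000 (GS-9 to GS-11)
  • Analyst 3 / Mid: $85,000 - $115,000 (GS-12 to GS-13)
  • Analyst 4 / Senior / Lead: $110,000 - $145,000 (GS-14 to GS-15)
Salary: US Startup
  • Analyst 1 / Entry: $55,000 - $75,000
  • Analyst 2 / Junior: $70,000 - $95,000
  • Analyst 3 / Mid: $95,000 - $130,000
  • Analyst 4 / Senior / Lead: $130,000 - $170,000 + equity
Salary: US Corporate
  • Analyst 1 / Entry: $50,000 - $70,000
  • Analyst 2 / Junior: $65,000 - $90,000
  • Analyst 3 / Mid: $90,000 - $120,000
  • Analyst 4 / Senior / Lead: $120,000 - $160,000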

Security Administrator

Professionals who implement, configure, and maintain security controls and infrastructure. Responsible for the day-to-day operation of security tools, policy enforcement, and ensuring security systems function effectively to protect organizational assets.

Attribute | Admin 1 / Entry | Admin 2 / Junior | Admin 3 / Mid | Admin 4 / Senior / Lead
General Description
  • Admin 1 / Entry: Entry-level security administrator learning to operate and maintain security tools and controls. Performs routine administrative tasks following established procedures. Develops foundational knowledge of security technologies, access management, and policy implementation.
  • Admin 2 / Junior: Junior security administrator capable of independently managing security tools and implementing security controls. Demonstrates proficiency in security system administration and can troubleshoot common issues. Beginning to develop expertise in specific security technologies or domains.
  • Admin 3 / Mid: Experienced security administrator who independently manages complex security infrastructure and leads implementation projects. Serves as subject matter expert for specific security technologies and mentors junior team members. Contributes to security architecture decisions and process improvements.
  • Admin 4 / Senior / Lead: Senior security administrator and technical leader who sets direction for security infrastructure and operations. Leads complex enterprise-wide security implementations and serves as the escalation point for critical security system issues. Drives strategic improvements and technology roadmaps.
Primary Responsibilities
  • Perform routine security tool maintenance and updates
  • Process access requests following established procedures
  • Monitor security system health and availability
  • Assist with user provisioning and deprovisioning
  • Document security configurations and procedures
  • Respond to basic security-related helpdesk tickets
  • Participate in security tool deployments
  • Maintain security asset inventories
  • Configure and maintain security tools and platforms
  • Implement security policies and access controls
  • Manage identity and access management systems
  • Perform security tool updates and patch management
  • Troubleshoot security system issues
  • Create and maintain security documentation
  • Participate in security projects and deployments
  • Assist with security audits and compliance activities
  • Monitor and optimize security tool performance
  • Design and implement security tool configurations
  • Lead security infrastructure projects
  • Optimize security controls for effectiveness and efficiency
  • Develop automation for security operations
  • Create standards and procedures for security administration
  • Mentor junior security administrators
  • Evaluate and recommend security technologies
  • Support security audits and remediation efforts
  • Collaborate with architecture team on security designs
  • Troubleshoot complex security system issues
  • Define security infrastructure strategy and roadmap
  • Lead enterprise-wide security implementations
  • Architect security tool integrations and workflows
  • Develop and maintain security operations standards
  • Mentor and develop security administration team
  • Evaluate emerging technologies and make recommendations
  • Manage vendor relationships and contracts
  • Drive automation and efficiency improvements
  • Support M&A and integration activities
  • Represent security infrastructure in cross-functional initiatives
Required Skills
  • Basic Windows and Linux system administration
  • Understanding of identity and access management concepts
  • Familiarity with common security tools (firewalls, AV, EDR)
  • Basic networking knowledge (TCP/IP, DNS, DHCP)
  • Documentation and procedure following
  • Ticketing system operation
  • Basic troubleshooting skills
  • Proficiency with security tool administration
  • Identity and access management operations
  • Firewall and network security device management
  • Endpoint security platform administration
  • Intermediate scripting for automation
  • Security policy implementation
  • Troubleshooting and problem resolution
  • Change management procedures
  • Expert-level security tool administration
  • Security infrastructure design and implementation
  • Advanced automation and scripting
  • Integration of security tools and systems
  • Vendor management and evaluation
  • Project management fundamentals
  • Technical mentorship and knowledge transfer
  • Cross-functional collaboration
  • Mastery of enterprise security infrastructure
  • Strategic planning and roadmap development
  • Team leadership and people development
  • Vendor management and negotiation
  • Budget planning and management
  • Executive communication and presentation
  • Enterprise architecture collaboration
  • Change management and governance
Preferred Skills
  • Active Directory administration basics
  • Cloud platform familiarity (AWS, Azure)
  • Scripting basics (PowerShell, Python)
  • Virtualization platform experience
  • Security tool certifications
  • Cloud security controls (AWS, Azure, GCP)
  • Privileged access management
  • Security orchestration and automation
  • Certificate and key management
  • Security baseline hardening
  • Infrastructure as code (Terraform, Ansible)
  • Cloud security architecture
  • Zero trust implementation
  • Security tool API integration
  • Enterprise architecture fundamentals
  • Enterprise security architecture
  • Program and portfolio management
  • Financial management and ROI analysis
  • Industry speaking or thought leadership
  • M&A technical due diligence
Mentorship Requirements
  • Admin 1 / Entry: Receives direct mentorship from Senior security administrators. Shadows on complex tasks and projects. Expected to complete tool-specific training within first 6 months. Participates in team knowledge sharing sessions.
  • Admin 2 / Junior: Receives guidance from Senior administrators on complex tasks. Expected to begin mentoring Entry-level team members. Contributes to documentation and procedure development. Should be developing expertise in specific tool sets.
  • Admin 3 / Mid: Primary mentor for Junior and Entry administrators. Leads training on specialty tools and technologies. Expected to develop standards and best practices documentation. Establishes reputation as go-to expert in specific domains.
  • Admin 4 / Senior / Lead: Primary mentor for Mid and Junior administrators. Responsible for team career development and growth. Creates technical career paths and development programs. Industry mentorship through community engagement.
Impact Scope
  • Admin 1 / Entry: Individual contributor on assigned administrative tasks. Impact limited to routine operations and ticket resolution. Work is reviewed before implementation. Supports overall security operations effectiveness.
  • Admin 2 / Junior: Directly maintains security controls protecting organization. Responsible for tool availability and effectiveness. Configuration changes impact security posture. Beginning to influence security infrastructure decisions.
  • Admin 3 / Mid: Shapes security infrastructure capabilities. Project outcomes directly impact security posture. Standards and automation improve team effectiveness. Influences technology selection and investment.
  • Admin 4 / Senior / Lead: Defines security infrastructure capabilities for organization. Strategic decisions impact long-term security posture. Team development impacts organizational maturity. Vendor relationships affect cost and capability.
Autonomy & Decision Authority
  • Admin 1 / Entry: Works under close supervision. Follows established procedures for all tasks. Limited authority to make configuration changes independently. Escalates non-routine requests to senior team members.
  • Admin 2 / Junior: Works with moderate supervision. Can make routine configuration decisions. Authority to implement approved changes independently. Escalates significant changes or non-standard requests.
  • Admin 3 / Mid: Works independently with strategic guidance. Makes significant configuration and design decisions. Authority over tool optimization and automation. Consulted on infrastructure and architecture decisions.
  • Admin 4 / Senior / Lead: High autonomy with strategic alignment. Makes significant infrastructure and investment decisions. Authority over security administration standards. Trusted to represent organization with vendors and partners.
Communication & Stakeholders
  • Admin 1 / Entry: Primarily internal communication with security team and IT. Responds to tickets from end users. Documents work in ticketing systems. Limited stakeholder interaction outside immediate team.
  • Admin 2 / Junior: Regular interaction with IT teams and security stakeholders. Communicates with vendors on support issues. Participates in project meetings. Documents work for team consumption.
  • Admin 3 / Mid: Regular communication with security leadership and IT. Presents technical recommendations to stakeholders. Coordinates with vendors on complex issues. Documents standards for broader organization.
  • Admin 4 / Senior / Lead: Executive-level communication on infrastructure strategy. Represents team to organizational leadership. Presents to steering committees and governance boards. Builds relationships with industry peers.
Degree / Experience
  • Admin 1 / Entry: Bachelor's degree in IT, Computer Science, Cybersecurity, or related field, OR 1-2 years of IT administration experience, OR completion of relevant technical certification program.
  • Admin 2 / Junior: Bachelor's degree in IT, Cybersecurity, or related field, OR 2-4 years of security or IT administration experience. Demonstrated proficiency with security tool administration.
  • Admin 3 / Mid: Bachelor's degree in IT, Cybersecurity, or related field, OR 4-6 years of security administration experience. Demonstrated expertise with complex security infrastructure. May have Master's degree with less experience.
  • Admin 4 / Senior / Lead: Bachelor's or Master's degree in relevant field, OR 6-10 years of security administration experience. Demonstrated team leadership and strategic impact. Industry recognition through certifications or contributions.
Certifications
  • CompTIA Security+
  • Microsoft Certified: Security Administrator
  • Vendor-specific tool certifications
  • CompTIA Network+
  • CompTIA Security+
  • Vendor certifications (Palo Alto, CrowdStrike, etc.)
  • Microsoft Certified: Identity and Access Administrator
  • AWS/Azure Security certifications
  • CISSP or equivalent
  • Advanced vendor certifications
  • Cloud security certifications (CCSP, AWS/Azure)
  • GIAC Systems and Network Auditor (GSNA)
  • CISSP
  • CISM
  • Multiple advanced vendor certifications
  • Cloud architect certifications
  • Industry recognition may substitute
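Salary: US Gov't
  • Admin 1 / Entry: $50,000 - $70,000 (GS-7 to GS-9)
  • Admin 2 / Junior: $65,000 - $90,000 (GS-9 to GS-11)
  • Admin 3 / Mid: $90,000 - $120,000 (GS-12 to GS-13)
  • Admin 4 / Senior / Lead: $115,000 - $150,000 (GS-14 to GS-15)
Salary: US Startup
  • Admin 1 / Entry: $55,000 - $80,000
  • Admin 2 / Junior: $75,000 - $100,000
  • Admin 3 / Mid: $100,000 - $140,000
  • Admin 4 / Senior / Lead: $140,000 - $180,000 + equity
Salary: US Corporate
  • Admin 1 / Entry: $50,000 - $75,000
  • Admin 2 / Junior: $70,000 - $95,000
  • Admin 3 / Mid: $95,000 - $130,000
  • Admin 4 / Senior / Lead: $130,000 - $170,000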

Security Engineer

Technical professionals who design, build, and implement security solutions and controls. Focus on developing security capabilities through engineering, automation, and integration. Bridge the gap between security requirements and technical implementation.

Attribute | Engineer 1 / Entry | Engineer 2 / Junior | Engineer 3 / Mid | Engineer 4 / Senior / Lead | Engineer 5 / Staff | Engineer 6 / Principal
General Description
  • Engineer 1 / Entry: Entry-level security engineer learning to develop and implement security solutions. Assists with security tool deployments, automation development, and security control implementation. Focuses on building technical skills in security engineering and software development practices.
  • Engineer 2 / Junior: Junior security engineer capable of independently developing security solutions and automation. Demonstrates proficiency in security engineering practices and can implement security controls in production environments. Beginning to develop expertise in specific security domains or technologies.
  • Engineer 3 / Mid: Experienced security engineer who independently designs and implements complex security solutions. Leads engineering projects and serves as technical expert for specific security domains. Mentors junior engineers and contributes to security architecture decisions.
  • Engineer 4 / Senior / Lead: Senior security engineer and technical leader who sets technical direction for security engineering initiatives. Leads complex, high-impact projects and serves as the escalation point for difficult engineering challenges. Drives innovation in security capabilities and represents engineering to the broader organization.
  • Engineer 5 / Staff: Distinguished security engineer who operates at the highest levels of technical excellence. Defines organizational security engineering strategy and drives innovation across the practice. Recognized externally as an industry expert and thought leader in security engineering.
  • Engineer 6 / Principal: Legendary security engineer at the pinnacle of technical expertise. Sets industry direction and is recognized globally as a defining voice in security engineering. Combines unparalleled technical depth with strategic vision and business impact.
Primary Responsibilities
  • Assist with security tool deployments and configurations
  • Develop basic scripts and automation for security tasks
  • Participate in security solution testing and validation
  • Document security implementations and procedures
  • Support security infrastructure maintenance
  • Learn and apply secure coding practices
  • Contribute to security automation projects
  • Participate in code reviews and testing
  • Develop security automation and tooling
  • Implement security controls in cloud and on-premise environments
  • Build integrations between security tools
  • Participate in security architecture reviews
  • Create and maintain security pipelines
  • Develop detection rules and security content
  • Support security tool deployments and upgrades
  • Contribute to incident response automation
  • Document technical designs and implementations
  • Design and implement complex security solutions
  • Lead security engineering projects
  • Architect security tool integrations and platforms
  • Develop security frameworks and libraries
  • Create security automation at scale
  • Mentor junior security engineers
  • Participate in security architecture reviews
  • Drive security engineering best practices
  • Evaluate and pilot new security technologies
  • Support incident response with engineering capabilities
  • Define security engineering strategy and technical direction
  • Lead complex, enterprise-wide security implementations
  • Architect security platforms and capabilities
  • Mentor and develop security engineering team
  • Drive innovation in security tooling and automation
  • Evaluate emerging technologies and make recommendations
  • Collaborate with security architecture on designs
  • Support incident response with advanced capabilities
  • Contribute to thought leadership (blogs, talks, tools)
  • Represent security engineering in cross-functional initiatives
  • Define security engineering strategy and technical vision
  • Lead research initiatives and capability development
  • Architect enterprise security platforms
  • Drive innovation in security automation and tooling
  • Develop strategic technical partnerships
  • Create thought leadership content and tools
  • Guide organizational technical investments
  • Represent organization in industry forums
  • Support strategic business and technology decisions
  • Define industry direction through research and innovation
  • Lead transformational technical initiatives
  • Serve as ultimate technical authority
  • Build strategic relationships at the highest levels
  • Shape organizational strategy and positioning
  • Incubate new capabilities and practices
  • Represent organization at premier industry venues
  • Guide technical due diligence for investments
Required Skills
  • Programming fundamentals (Python, Go, or similar)
  • Basic understanding of security concepts and controls
  • Familiarity with Linux and Windows systems
  • Version control systems (Git)
  • Basic networking and infrastructure knowledge
  • Understanding of CI/CD concepts
  • Documentation and technical writing
  • Proficiency in one or more programming languages
  • Security tool development and integration
  • Cloud security implementation (AWS, Azure, GCP)
  • Infrastructure as code (Terraform, CloudFormation)
  • CI/CD pipeline development
  • API design and development
  • Container security basics
  • Secure coding practices
  • Expert-level programming in multiple languages
  • Security platform architecture and design
  • Advanced cloud security engineering
  • Distributed systems and microservices security
  • Security tool development and customization
  • Performance optimization and scaling
  • Technical leadership and mentorship
  • Cross-functional collaboration
  • Mastery of security engineering across multiple domains
  • Security platform architecture and strategy
  • Team leadership and people development
  • Strategic planning and roadmap development
  • Executive communication and presentation
  • Vendor evaluation and management
  • Cross-functional influence and collaboration
  • Innovation and emerging technology assessment
  • World-class security engineering expertise
  • Strategic thinking and technical vision
  • Executive communication and influence
  • Deep expertise across security domains
  • Industry relationship building
  • Technical roadmap development
  • Cross-functional leadership
  • Innovation and incubation
  • Globally recognized security engineering expertise
  • Transformational leadership and vision
  • Executive and board-level communication
  • Industry-shaping influence
  • Strategic business development
  • Innovation leadership
Preferred Skills
  • Cloud platform experience (AWS, Azure, GCP)
  • Container technologies (Docker, Kubernetes)
  • Infrastructure as code basics
  • API development and integration
  • Security tool experience
  • SIEM engineering and content development
  • SOAR platform development
  • Kubernetes security
  • Identity platform development
  • Threat modeling participation
  • Security product development
  • Machine learning for security
  • Advanced threat detection development
  • Open-source security contributions
  • Security research and publications
  • Open-source security tool development
  • Security research and CVE discovery
  • Conference speaking experience
  • Patent or IP development
  • Startup or product experience
  • Major open-source security contributions
  • Published security research
  • Conference keynotes
  • Advisory board participation
  • Patent portfolio
  • Founded significant security tools or companies
  • Government advisory at national level
  • Major industry awards
  • Academic appointments
Mentorship Requirements Receives direct mentorship from Senior security engineers. Participates in code reviews and pair programming. Expected to complete engineering onboarding and training. Shadows on security projects and implementations. Receives guidance from Senior engineers on complex projects. Expected to begin mentoring Entry-level engineers informally. Contributes to engineering standards and documentation. Should be developing expertise in specific areas. Primary mentor for Junior and Entry engineers. Leads technical training and knowledge sharing. Expected to develop engineering standards and patterns. Establishes reputation as expert in specific domains. Primary mentor for multiple engineers. Responsible for team career development. Creates engineering development programs. Industry mentorship through community engagement. Shapes engineering culture and practices. Mentors Senior and Lead engineers. Shapes career paths across organization. Develops mentorship programs. Industry-level mentorship through community engagement. Sponsors high-potential individuals. Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through talent development. May sponsor research and education initiatives.
Impact Scope
  • Engineer 1 / Entry: Individual contributor on assigned engineering tasks. Impact limited to specific components or scripts. Work is reviewed before deployment. Contributes to team automation and tooling improvements.
  • Engineer 2 / Junior: Directly builds security capabilities protecting organization. Responsible for quality and reliability of developed solutions. Engineering decisions impact security effectiveness. Beginning to influence technical direction.
  • Engineer 3 / Mid: Shapes security engineering capabilities. Project outcomes directly impact security posture. Engineering decisions set patterns for team. Influences technology selection and architecture.
  • Engineer 4 / Senior / Lead: Defines security engineering capabilities for organization. Strategic decisions impact long-term security posture. Team development impacts organizational maturity. Innovation shapes competitive advantage.
  • Engineer 5 / Staff: Organizational and industry-level impact. Shapes company technical reputation. Defines engineering capabilities and standards. Influences industry practices through thought leadership.
  • Engineer 6 / Principal: Global industry impact. Defines how security engineering is practiced. Organizational transformation. Creates lasting contributions to the field.
Autonomy & Decision Authority
  • Engineer 1 / Entry: Works under close supervision. Follows established coding standards and practices. Limited authority to make design decisions independently. Escalates technical questions to senior engineers.
  • Engineer 2 / Junior: Works with moderate supervision. Can make implementation decisions within defined scope. Authority to merge code following review process. Escalates significant design decisions.
  • Engineer 3 / Mid: Works independently with strategic guidance. Makes significant design and implementation decisions. Authority over technical approach within projects. Consulted on architecture and technology decisions.
  • Engineer 4 / Senior / Lead: High autonomy with strategic alignment. Makes significant technical and investment decisions. Authority over engineering standards and practices. Trusted to represent organization externally.
  • Engineer 5 / Staff: Near-complete technical autonomy. Strategic decision-making authority. Influences organizational direction. Authority over technical standards. Trusted advisor to executive leadership.
  • Engineer 6 / Principal: Complete autonomy over technical domain. Executive-level decision authority. Shapes organizational strategy. May have significant investment authority.
Communication & Stakeholders
  • Engineer 1 / Entry: Primarily internal communication with engineering team. Documents work in code repositories and wikis. Participates in team standups and planning. Limited stakeholder interaction outside immediate team.
  • Engineer 2 / Junior: Regular interaction with security and engineering teams. Participates in architecture discussions. Documents designs for team review. May present technical solutions to stakeholders.
  • Engineer 3 / Mid: Regular communication with security leadership and architecture. Presents technical designs to stakeholders. Coordinates with vendors on integrations. Documents patterns for broader organization.
  • Engineer 4 / Senior / Lead: Executive-level communication on engineering strategy. Represents team to organizational leadership. Industry conference presentations. Builds relationships with industry peers and vendors.
  • Engineer 5 / Staff: C-suite and board-level engagement. Industry-wide communication through publications. Builds relationships with industry peers. Media and analyst engagement.
  • Engineer 6 / Principal: Global industry presence. Media and public thought leadership. Government engagement. Premier industry venues.
Degree / Experience Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field, OR 1-2 years of software development or IT experience, OR completion of coding bootcamp with security focus. Bachelor's degree in Computer Science, Software Engineering, or related field, OR 2-4 years of security engineering or software development experience. Demonstrated ability to build security solutions. Bachelor's degree in Computer Science, Software Engineering, or related field, OR 4-6 years of security engineering experience. Demonstrated track record of successful complex implementations. May have Master's degree with less experience. Bachelor's or Master's degree in relevant field, OR 6-10 years of security engineering experience. Demonstrated team leadership and strategic impact. Industry recognition through tools, research, or speaking. Bachelor's or Master's degree in relevant field, OR 10+ years of security engineering experience with demonstrated industry impact. Advanced degree may be expected. Industry recognition is essential. Advanced degree often present, but industry recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders or pioneers of major tools or techniques.
Certifications
  • CompTIA Security+
  • AWS/Azure Associate certifications
  • Programming language certifications
  • GIAC Foundational certifications
  • AWS/Azure Security Specialty
  • GIAC Cloud Security Automation (GCSA)
  • Certified Kubernetes Security Specialist (CKS)
  • HashiCorp Terraform certifications
  • CISSP or CCSP
  • Advanced cloud security certifications
  • GIAC Security Expert (GSE) path certifications
  • Platform-specific advanced certifications
  • CISSP, CCSP, or equivalent
  • Multiple advanced technical certifications
  • Industry recognition may substitute
  • Published research or tools
  • Multiple advanced certifications
  • Industry recognition supersedes certifications
  • Published research and tools
  • May hold advisory roles
  • Certifications are irrelevant at this level
  • Known by reputation and body of work
  • May have techniques or tools named after them
  • Industry hall of fame recognition
Salary: US Gov't | $65,000 - $85,000 (GS-9 to GS-11) | $80,000 - $110,000 (GS-11 to GS-12) | $100,000 - $135,000 (GS-12 to GS-13) | $125,000 - $160,000 (GS-14 to GS-15) | $150,000 - $190,000 (GS-15 / SES equivalent) | $180,000 - $230,000+ (Senior SES equivalent)
Salary: US Startup | $75,000 - $100,000 | $95,000 - $130,000 | $130,000 - $170,000 | $160,000 - $210,000 + equity | $200,000 - $270,000 + significant equity | $260,000 - $380,000+ + major equity
Salary: US Corporate | $70,000 - $95,000 | $90,000 - $120,000 | $120,000 - $155,000 | $150,000 - $195,000 | $185,000 - $240,000 | $240,000 - $320,000+

Security Architect

Strategic technical leaders who design security frameworks, architectures, and strategies for organizations. Focus on translating business requirements into security designs, evaluating technologies, and ensuring security is integrated into enterprise architecture.

Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior | Architect 5 / Staff | Architect 6 / Principal
General Description Entry-level security architect learning security design principles and architecture methodologies. Assists with security assessments, documentation, and basic design work. Develops foundational knowledge of security frameworks, threat modeling, and enterprise architecture concepts. Junior security architect capable of contributing to security design work and conducting basic architecture assessments. Demonstrates proficiency in security frameworks and can perform threat modeling with guidance. Beginning to develop expertise in specific architecture domains. Experienced security architect who independently leads security design initiatives and architecture assessments. Serves as subject matter expert for specific architecture domains and mentors junior team members. Shapes security standards and patterns for the organization. Senior security architect who sets direction for enterprise security architecture. Leads complex, high-impact architecture initiatives and serves as the escalation point for difficult design challenges. Drives security architecture strategy and represents architecture to executive stakeholders. Distinguished security architect who defines organizational security architecture vision and strategy. Recognized externally as industry expert in security architecture. Shapes how security architecture is practiced and drives innovation in architecture methods and frameworks. Legendary security architect at the pinnacle of architecture expertise. Sets industry direction and is recognized globally as a defining voice in security architecture. Combines unparalleled architectural depth with strategic vision and transformational leadership.
Primary Responsibilities
  • Assist with security architecture documentation
  • Participate in security design reviews
  • Learn and apply security frameworks and standards
  • Support threat modeling activities
  • Document security requirements and controls
  • Assist with security assessments
  • Maintain architecture artifacts and diagrams
  • Research security technologies and solutions
  • Contribute to security architecture designs
  • Conduct threat modeling sessions
  • Perform security architecture assessments
  • Develop security reference architectures
  • Participate in technology evaluations
  • Create architecture documentation and standards
  • Support project security design reviews
  • Assess vendor and third-party security
  • Apply security frameworks to designs
  • Lead security architecture design initiatives
  • Conduct complex threat modeling and risk assessments
  • Develop security architecture roadmaps
  • Create and maintain security reference architectures
  • Lead technology evaluations and selections
  • Mentor junior architects
  • Drive security standards and patterns adoption
  • Assess enterprise security architecture maturity
  • Support security strategy development
  • Engage with enterprise architecture teams
  • Define enterprise security architecture strategy
  • Lead complex, enterprise-wide architecture initiatives
  • Develop security architecture governance frameworks
  • Mentor and develop architecture team
  • Drive security architecture standards adoption
  • Evaluate emerging technologies and trends
  • Support security strategy and roadmap development
  • Present architecture recommendations to executives
  • Collaborate with enterprise architecture leadership
  • Guide M&A and integration architecture
  • Define security architecture vision and strategy
  • Lead architecture innovation and research
  • Develop next-generation architecture frameworks
  • Build strategic architecture partnerships
  • Guide organizational security transformation
  • Create thought leadership content
  • Represent organization in industry forums
  • Advise executive leadership on architecture strategy
  • Shape industry architecture standards
  • Define industry direction for security architecture
  • Lead transformational architecture initiatives
  • Serve as ultimate architecture authority
  • Shape security architecture profession
  • Build lasting architecture contributions
  • Guide organizational transformation
  • Represent organization at highest industry levels
  • Influence regulatory and standards bodies
Required Skills
  • Understanding of security architecture concepts
  • Familiarity with security frameworks (NIST, ISO, SABSA)
  • Basic threat modeling knowledge
  • Understanding of enterprise architecture basics
  • Documentation and diagramming skills
  • Knowledge of common security controls
  • Basic cloud architecture understanding
  • Security architecture design principles
  • Threat modeling methodologies (STRIDE, PASTA)
  • Cloud security architecture (AWS, Azure, GCP)
  • Application security architecture
  • Network security design
  • Security framework application
  • Architecture documentation
  • Stakeholder communication
  • Expert security architecture design
  • Advanced threat modeling and risk assessment
  • Cloud-native security architecture
  • Zero trust architecture implementation
  • Security architecture governance
  • Strategic planning and roadmapping
  • Executive communication
  • Cross-functional leadership
  • Mastery of security architecture across domains
  • Enterprise architecture strategy
  • Team leadership and development
  • Strategic planning and governance
  • Executive communication and influence
  • Vendor and technology evaluation
  • Cross-functional collaboration
  • Change management
  • World-class security architecture expertise
  • Strategic vision and leadership
  • Executive and board-level communication
  • Industry influence and recognition
  • Innovation and framework development
  • Cross-organizational leadership
  • Globally recognized architecture expertise
  • Transformational leadership and vision
  • Executive and board-level influence
  • Industry-shaping thought leadership
  • Strategic business impact
Preferred Skills
  • Prior security engineering or administration experience
  • Cloud certification (AWS, Azure)
  • TOGAF or other EA framework exposure
  • Application security fundamentals
  • Network architecture basics
  • Zero trust architecture concepts
  • Identity architecture
  • Container and microservices security
  • Data security architecture
  • Regulatory compliance mapping
  • Enterprise architecture frameworks
  • Security architecture frameworks (SABSA, OSA)
  • Regulatory and compliance architecture
  • M&A security architecture
  • Published architecture work
  • Board-level communication
  • Industry thought leadership
  • Regulatory and compliance strategy
  • Architecture practice development
  • Published architecture frameworks
  • Published architecture frameworks
  • Conference keynotes
  • Standards body participation
  • Advisory board roles
  • Academic affiliations
  • Founded architecture frameworks or methods
  • Government or regulatory advisory
  • Major industry awards
  • Academic distinguished appointments
Mentorship Requirements Receives direct mentorship from Senior architects. Shadows on architecture reviews and design sessions. Expected to complete architecture methodology training. Participates in architecture community of practice. Receives guidance from Senior architects on complex designs. Expected to begin mentoring Entry-level team members. Contributes to architecture standards and patterns. Should be developing expertise in specific domains. Primary mentor for Junior and Entry architects. Leads architecture training and knowledge sharing. Expected to develop architecture patterns and standards. Establishes reputation as expert in specific domains. Primary mentor for Mid and Junior architects. Responsible for architecture team development. Creates architecture career paths and programs. Industry mentorship through community engagement. Mentors Senior architects and emerging leaders. Shapes architecture career paths organization-wide. Industry-level mentorship through community engagement. Develops architecture thought leaders. Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions. May sponsor architecture education initiatives.
Impact Scope Individual contributor on documentation and research. Impact limited to supporting architecture deliverables. Work is reviewed by senior architects. Contributes to architecture team effectiveness. Directly contributes to security design quality. Responsible for specific architecture components. Design decisions impact project security. Beginning to influence architecture standards. Shapes security architecture for major initiatives. Design decisions set organizational patterns. Standards and frameworks improve security posture. Influences technology strategy and investment. Defines security architecture for organization. Strategic decisions impact long-term security posture. Team development impacts organizational maturity. Architecture standards enable business outcomes. Organizational and industry-level impact. Defines how security architecture is practiced. Shapes organizational security transformation. Influences industry standards and practices. Global industry impact. Defines how security architecture is practiced. Organizational transformation and long-term success. Creates lasting contributions to the profession.
Autonomy & Decision Authority Works under close supervision. Follows established architecture standards and templates. Limited authority to make design decisions independently. Escalates architecture questions to senior team. Works with moderate supervision. Can make design decisions within defined scope. Authority to approve standard patterns. Escalates novel or high-risk design decisions. Works independently with strategic guidance. Makes significant architecture decisions. Authority over design standards and patterns. Consulted on major technology and security decisions. High autonomy with strategic alignment. Makes significant architecture and strategy decisions. Authority over architecture standards and governance. Trusted to represent organization on architecture matters. Near-complete architecture autonomy. Strategic decision-making authority. Influences organizational direction. Authority over architecture vision. Trusted advisor to executive leadership. Complete autonomy over architecture domain. Executive-level decision authority. Shapes organizational strategy. May have significant influence over industry direction.
Communication & Stakeholders Primarily internal communication with architecture team. Documents findings and research. Participates in design review meetings as observer. Limited stakeholder interaction outside immediate team. Regular interaction with project teams and stakeholders. Presents design recommendations. Participates in architecture review boards. Documents designs for broader consumption. Regular communication with security and IT leadership. Presents to executive stakeholders. Engages with enterprise architecture. Documents standards for organization. Executive-level communication on architecture. Presents to board and steering committees. Represents architecture to organizational leadership. Builds relationships with industry peers. C-suite and board-level engagement. Industry-wide influence through publications. Standards body and industry forum participation. Media and analyst engagement. Global industry presence. Regulatory and government engagement. Media thought leadership. Premier industry and academic venues.
Degree / Experience Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 2-3 years of security engineering or IT architecture experience. Understanding of security design concepts. Bachelor's degree in Computer Science, Cybersecurity, or related field, OR 3-5 years of security engineering or architecture experience. Demonstrated ability to contribute to security designs. Bachelor's degree in relevant field with strong experience, OR Master's degree with moderate experience, OR 5-8 years of security architecture experience. Demonstrated track record of successful architecture initiatives. Master's degree preferred, OR Bachelor's with 8-12 years of security architecture experience. Demonstrated strategic impact and team leadership. Industry recognition through publications or speaking. Master's degree or higher often expected, OR 12+ years of security architecture experience with demonstrated industry impact. Industry recognition is essential qualification. Advanced degree often present, but industry recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders of major architecture frameworks or methods.
Certifications
  • CompTIA Security+
  • AWS/Azure Solutions Architect Associate
  • CISSP (in progress acceptable)
  • TOGAF Foundation
  • CISSP
  • AWS/Azure Security Specialty
  • SABSA Chartered Architect (Foundation)
  • CCSP
  • CISSP-ISSAP
  • SABSA Chartered Architect
  • TOGAF Certified
  • CCSP
  • Cloud Professional certifications
  • CISSP-ISSAP
  • SABSA Chartered Master (SCM)
  • TOGAF Certified (Level 2)
  • Industry recognition may substitute
  • Multiple advanced architecture certifications
  • Industry recognition supersedes certifications
  • Published frameworks or methods
  • Standards body participation
  • Certifications are irrelevant at this level
  • Known by reputation and body of work
  • May have frameworks or methods named after them
  • Industry hall of fame recognition
Salary: US Gov't | $75,000 - $95,000 (GS-11 to GS-12) | $90,000 - $120,000 (GS-12 to GS-13) | $115,000 - $150,000 (GS-13 to GS-14) | $140,000 - $175,000 (GS-14 to GS-15) | $165,000 - $210,000 (GS-15 / SES equivalent) | $190,000 - $250,000+ (Senior SES equivalent)
Salary: US Startup | $85,000 - $115,000 | $110,000 - $145,000 | $145,000 - $185,000 | $175,000 - $230,000 + equity | $215,000 - $290,000 + significant equity | $270,000 - $400,000+ + major equity
Salary: US Corporate | $80,000 - $110,000 | $100,000 - $135,000 | $135,000 - $175,000 | $165,000 - $215,000 | $200,000 - $265,000 | $250,000 - $350,000+

Defensive Security Management

Leaders who manage defensive security teams, programs, and business units. Responsible for strategy, people development, stakeholder relationships, and business outcomes. Progress from team management to organizational and executive leadership.

Attribute | Management 1 / Manager | Management 2 / Senior Manager | Management 3 / Director
General Description First-line manager responsible for a team of defensive security practitioners. Balances people management with operational oversight. Ensures service quality, team development, and operational excellence. May maintain some hands-on technical work. Senior manager responsible for multiple teams or a significant security function. Drives strategy, develops managers, and owns outcomes for their area. Balances operational excellence with strategic development and stakeholder management. Director responsible for a defensive security department or major program area. Sets strategy, owns significant budget, and drives security capability development. Leads senior managers and builds organizational capability while maintaining strong stakeholder and industry relationships.
Primary Responsibilities
  • Manage team of 4-10 defensive security practitioners
  • Conduct performance reviews and career development
  • Ensure operational quality and service levels
  • Manage team scheduling and coverage
  • Hire and onboard new team members
  • Handle escalations and stakeholder concerns
  • Contribute to process and methodology improvements
  • Manage team budget and resources
  • Report on team metrics and performance
  • Lead multiple defensive security teams or major function
  • Develop and mentor first-line managers
  • Drive function strategy and capability development
  • Own budget and resource allocation
  • Build and maintain senior stakeholder relationships
  • Drive process improvement and maturity
  • Shape security service offerings and SLAs
  • Represent function in security leadership forums
  • Drive operational excellence and quality
  • Support compliance and audit activities
  • Lead defensive security department or program area
  • Set function strategy and multi-year roadmap
  • Own budget and financial performance for area
  • Build and develop senior management team
  • Drive security capability maturity and growth
  • Build strategic stakeholder relationships
  • Shape security services and investments
  • Represent function in executive leadership forums
  • Drive thought leadership and industry presence
  • Partner with business on security enablement
  • Ensure regulatory compliance and audit readiness
  • Manage organizational change and transformation
Required Skills
  • Strong defensive security technical background
  • People management and development
  • Operational management fundamentals
  • Stakeholder relationship management
  • Communication and conflict resolution
  • Hiring and team building
  • Performance management
  • Basic business acumen
  • Strong technical and operational leadership
  • Multi-team management
  • Strategic planning and execution
  • Budget management
  • Executive stakeholder relationships
  • Program management
  • Organizational influence
  • Change management
  • Strategic leadership and planning
  • Budget management and business acumen
  • Senior team leadership and development
  • Executive stakeholder management
  • Business partnership and enablement
  • Organizational influence and navigation
  • Industry presence and thought leadership
  • Change management and transformation
  • Executive communication and presentation
Preferred Skills
  • Prior senior technical role
  • Formal management training
  • Budget management experience
  • Cross-functional collaboration
  • Vendor management
  • MBA or business education
  • Prior director-level experience
  • Large program or function leadership
  • Industry recognition
  • Vendor and partner management
  • Prior director-level experience
  • MBA or advanced business education
  • Public company experience
  • Industry conference speaking
  • Advisory board participation
  • M&A or integration experience
Mentorship Requirements Primary mentor for direct reports. Responsible for team career development. Develops informal management skills in senior ICs. Participates in management development programs. Primary mentor for managers and senior ICs. Responsible for leadership development in function. Creates career frameworks and development programs. Industry mentorship presence developing. Develops senior management talent pipeline. Mentors senior managers and high-potential leaders. Shapes function career frameworks. Industry mentorship through speaking and community engagement. Sponsors emerging leaders.
Impact Scope Team performance and development. Operational outcomes for assigned function. Team retention and growth. Stakeholder relationships. Function performance and development. Security outcomes for major area. Multi-team capability and maturity. Senior stakeholder relationships. Function performance and strategic direction. Department financial outcomes. Senior leadership capability. Strategic stakeholder relationships. Industry reputation and influence.
Autonomy & Decision Authority Authority over team operations and assignments. Makes hiring recommendations. Budget authority within defined limits. Escalates strategic decisions to director level. Significant operational autonomy. Budget authority for function. Authority over strategy within area. Makes significant hiring and investment decisions. Reports to Director or CISO level. Full authority over function operations. Budget ownership and investment decisions within allocation. Authority over senior hiring and organizational structure. Strategic decision-making for function. Reports to VP, CISO, or executive leadership.
Communication & Stakeholders Regular communication with director leadership. Stakeholder communication on operational matters. Team communication and alignment. Cross-functional coordination. Executive-level stakeholder engagement. Security leadership communication. May represent security externally. Board-level reporting preparation. VP and executive leadership engagement. Business unit leader relationships. Industry conference and event presence. Cross-functional executive collaboration. May engage with board on function matters.
Degree / Experience Bachelor's degree in relevant field with 6+ years of defensive security experience including leadership, OR equivalent experience. Technical depth with demonstrated leadership capability. Bachelor's degree with 8+ years experience including management, OR Master's degree with 6+ years. Demonstrated leadership of managers and function outcomes. Bachelor's degree with 10+ years including senior management leadership, OR Master's/MBA with 8+ years. Demonstrated budget ownership and function growth. Industry recognition developing.
Certifications
  • Defensive security certifications from IC track
  • Management or leadership certifications helpful
  • PMP or project management training
  • CISSP, CISM for credibility
  • CISSP, CISM, or CISO-level certifications
  • MBA or executive education
  • Leadership development programs
  • Industry recognition developing
  • CISSP, CISM, CISO certifications
  • Executive education programs
  • Industry recognition often supersedes certifications
  • Board governance training helpful
Salary: US Gov't | $120,000 - $155,000 (GS-14 to GS-15) | $150,000 - $190,000 (GS-15 / SES equivalent) | $170,000 - $210,000 (GS-15 Step 10 / SES equivalent)
Salary: US Startup | $145,000 - $190,000 + equity | $180,000 - $250,000 + significant equity | $210,000 - $290,000 + significant equity
Salary: US Corporate | $135,000 - $180,000 | $170,000 - $235,000 | $195,000 - $270,000 + bonus